Re: Proposal to the TSC: enable 2FA requirement across all orgs


Andrew Grimberg
 

No, that's not actually possible. You can verify if a change comes in
with a GPG signature on it, but not if a particular account is using 2FA
for access to the GitHub UI. Those are two distinctly different things.

As an aside, we currently have a change under review [0] against lftools
that will allow someone with admin rights on a GH org to get an "audit"
of the org including who does and does not have 2FA enabled.

-Andy-

[0] https://gerrit.linuxfoundation.org/infra/c/releng/lftools/+/15264

On 5/30/19 3:41 PM, Brian Behlendorf wrote:
Can we tell which commits come in without 2FA?

Brian

On 5/30/19 2:02 PM, Christopher Ferris wrote:
You should give a warning. You can add all github ids to a team and @
the team. Maybe give a few days to remediate. I approve subject to
advance warning and update to contributors guides.

Cheers,

Christopher Ferris
IBM Fellow, CTO Open Technology
IBM Digital Business Group, Open Technologies
email: chrisfer@... <mailto:chrisfer@...>
twitter: @christo4ferris
blog: https://developer.ibm.com/code/author/chrisfer/
IBM Open Source white
paper: https://developer.ibm.com/articles/cl-open-architecture-update/
phone: +1 508 667 0402 <tel:+1%20508%20667%200402>

On May 30, 2019, at 4:54 PM, Ry Jones <rjones@...
<mailto:rjones@...>> wrote:

In light of recent discussions on this mailing list,
<https://lists.hyperledger.org/g/tsc/message/2295> I ask the TSC to
vote by email on enabling 2FA for the Hyperledger and Hyperledger
Labs orgs.

We will lose many members that are committers. It will cause turbulence.
Ry
--
Ry Jones
Community Architect, Hyperledger
Chat <https://www.youtube.com/watch?v=EEc4JRyaAoA>: @rjones
<https://chat.hyperledger.org/direct/rjones>
--
Brian Behlendorf
Executive Director, Hyperledger
bbehlendorf@...
Twitter: @brianbehlendorf

--
Andrew J Grimberg
Manager Release Engineering
The Linux Foundation

Join toc@lists.hyperledger.org to automatically receive all group messages.